# WireGuard Client Configuration for {{ client_name }}
# Generated by Ansible - DO NOT EDIT MANUALLY

[Interface]
# Client private key
PrivateKey = {{ client_private_key.stdout }}

# Client IP address in VPN network
Address = {{ client_ip }}/24

# DNS server (optional)
DNS = 1.1.1.1, 8.8.8.8

[Peer]
# Server public key
PublicKey = {{ server_public_key_cmd.stdout }}

# Server endpoint
Endpoint = {{ server_external_ip_content }}:{{ wireguard_port }}

# Allowed IPs (routes through VPN)
# IMPORTANT: Only VPN network is routed through VPN by default
# SSH access via normal IP ({{ server_external_ip_content }}) remains available
AllowedIPs = {{ allowed_ips }}

# Keep connection alive
PersistentKeepalive = 25